xerces-j2-2.7.1-12.6.AXS4

エラータID: AXSA:2013-718:01

Release date: 
Friday, December 6, 2013 - 13:31
Subject: 
xerces-j2-2.7.1-12.6.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

The xerces-j2 packages provide the Apache Xerces2 Java Parser, a high-performance XML parser. A Document Type Definition (DTD) defines the legal syntax (and also which elements can be used) for certain types of files, such as XML files.

Security issues fixed wih this release:

• CVE-2009-2625
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.

Solution: 

Update packages.

CVEs: 
CVE-2009-2625
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.


Additional Info: 

From Asianux Server 4 SP3.

Download: 

SRPMS
  1. xerces-j2-2.7.1-12.6.AXS4.src.rpm
    MD5: d5e6ad40911e201bd7173897bc88b0e4
    SHA-256: bccc514b4961f81ab854abf13bfb7c00ac664b48bc17aa205dd79a6b9ed87485
    Size: 1.63 MB

Asianux Server 4 for x86
  1. xerces-j2-2.7.1-12.6.AXS4.i686.rpm
    MD5: e722c6a25e405d31ebeb37160531b976
    SHA-256: 9c8ea914f01fb03cd9cbd25d28d895c62dbda9aa88963dc18cfb4a7cbf5ac478
    Size: 2.22 MB

Asianux Server 4 for x86_64
  1. xerces-j2-2.7.1-12.6.AXS4.x86_64.rpm
    MD5: 4315612cb8ee2757cb30e48c32317c84
    SHA-256: c3ffb1bb7c2a0ede53dcc4bbf40c75b5a5548cdbe072038053f3dfbd633846f9
    Size: 2.52 MB